Deciding how to prioritize cybersecurity spending often becomes a marketing exercise instead of one based upon standards and a sound understanding of cybersecurity risk. With the myriad challenges facing our customers, we understand that the need for a standards-based framework is the best way to achieve consistent cybersecurity outcomes.
Developed in response to Executive Order (EO) 13636 “Improving Critical Infrastructure Cybersecurity” of February 2013, the Framework recommends risk management processes that enable organizations to inform and prioritize decisions regarding cybersecurity based on business needs, without additional regulatory requirements. It enables organizations—regardless of sector, size, degree of cybersecurity risk, or cybersecurity sophistication—to apply the principles and effective practices of risk management to improve the security and resilience of critical infrastructure. The Framework is designed to complement, but not replace or limit, an organization’s risk management process and cybersecurity program and has been adopted by Adapture as the basis of its existing Cyber Security Program.
The three main components of the Framework are the Core Functions, Risk Management Scale, and Maturity Profile.
The Adapture Cyber Security Management program addresses the Cybersecurity Framework (CSF) throughout every facet of the program, as illustrated in the adjacent diagram. At each point in the cycle, we address a corresponding Cybersecurity Framework-centered focus. The Adapture Account Executives, Architects, Consultants, and Engineers are all well versed in the framework and its mapping to the Adapture Project Management process.
The tenets of the Cybersecurity Framework are woven in the culture of Adapture, and the implementation of the framework is based on a continuous-improvement methodology. By following the framework, we’re able to help our customers understand their current risk profile and develop a roadmap for improvement.